On Fri, Mar 29, 2024 at 3:50 PM Oliver Webb <aquahobby...@proton.me> wrote: > > > > ah, crap, that's another thing to put on the riscv64 to-do list... > > > (thanks for bringing that to light!) > > > > so, TIL that upstream already added a risc-v bcj implementation... > > I always thought that the xz decompresser we use in toybox ("xx-embeded") and > the main > one (The one with the CVE) were different projects (Separate git repos, one > is much slower > than the other, etc). That being said, There are 0BSD licensed parts in the > xz repo > (one of SIX different licenses).
different repo, same maintainers. > > (rob will of course be delighted to hear of systemd's involvement in > > the exploit chain :-) ) > > Who would've known that a over-complicated, extremely large hairball with a > massive dependency chain > that tries to consume _everything_ makes it easy to perform exploits. > > - Oliver Webb <aquahobby...@proton.me> > _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net